...
For whatever reason you don't want an account, you may still report vulnerabilities – anonymously! However, if you want to participate in the coordination process, including discussions with vendors and researchers/reporters, then an account is required. VINCE was designed and created to encourage the interaction between vendors and reporters. An potential benefit is that multi-vendor coordination efforts may become more cooperative – with vendors sharing information on how to mitigate the vulnerability.
Getting an account
...
Once you receive the access code please
- Enter the code into the form
- Click submit.
...
- VINCE coordinator reviews your account for approval.
- Upon approval,
- You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
- If you have your browser open and the approval came quickly, you may also have a popup box indicating you can not login.
- You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
...
Login first time - Multi-Factor Authentication Required
VINCE currently offers a choice
- Time-based one-time (TOTP) passwords as second factor authentication. To use TOTP, you need access to an app such as Google Authenticator, Duo, or LastPass Authenticator.
- Short Message Service (SMS) text messages
...
TOTP
- Select TOTP
- The system generates an image that is scanned into your device, running an application ... and displays the scan code on your screen
- Scan the code into your authentication application. This action should generate a code.
- Enter that temporary password (or code).
- (Optional) Name that device, software or application, so you may easily access the correct code generator.
- You will have two forms of confirmation your account has successfully enabled TOTP Multi-factor authentication on your account.
- Web page indicating success and displaying your User Profile
- An email message
- Web page indicating success and displaying your User Profile
...
SMS
- Select SMS
- Enter the phone number you will use to receive text messages containing an authorization code.
- Use the International format as follows: + (country code) phone number
- If you have a United States number, please use +1 NPA-XXX-XXXX
(NPA: Numbering plan Area a.k.a. area code)
- Click Submit
- Verify your account by entering the authorization code contained in the text message.
- You will have two forms of confirmation your account has successfully enabled SMS Multi-factor authentication on your account.
- Web page indicating success and displaying your User Profile
An email message
- Web page indicating success and displaying your User Profile
...
Password Recovery
...
- Failed login attempt
- A failed login attempt will display a reminder that the user email address and password are case sensitive.
- Within this box are two options:
- 1. Forgot your password?
- 2. Signup for a VINCE account
- VINCE Password Reset
- Enter the email address for a password reset,
- Click Submit
- Or, Click Need help?
- Need help? will display the VINCE Account Help providing:
- The link to reset your password;
- Telephone number to request assistance;
- Email address to request assistance.
- VINCE Password Recovery form
- Your email should have a message with a verification code.
- If you have not received an email, please check your spam folder
- Go back and re-enter the email address.
- If your email address has changed, please use the VINCE Account Help to get your current email address updated in the VINCE system.
- Enter the verification code;
- Enter the new password (password requirements are the same);
- Re-enter the new password;
- Click on Submit.
- VINCE will respond with Password Reset Complete message and the link to login.
- Your email should have a message with a verification code.
...
- 2FA required
- Recover/reset account
- Want to be anonymous? See FAQ, can report without creating account.
...